Posted by Unknown Lamer on Wednesday June 27, 2012 @10:12AM
from the crime-pays-but-then-prison dept.

tsu doh nimh writes in with news of a major sting operation against carders. From the article: "The U.S. Justice Department today unveiled the results of a two-year international cybercrime sting that culminated in the arrest of 26 people accused of trafficking in hundreds of thousands of stolen credit and debit card accounts. Among those arrested was an alleged core member of 'UGNazi,' a malicious hacking group that has claimed responsibility for a flood of recent attacks on Internet businesses."
The trick: the FBI ran a carding forum as a honeypot.

If you're talking about Silk Road then I'm sure the authorities are pretty annoyed by it since at least here in Sweden they can't really do much if they somehow intercept a package containing drugs, weapons or some other contraband at the border and they can't follow the money or otherwise tie it to you (and it being addressed to you doesn't count since if it did you could just mail a few illegal items to anyone you wanted and tell the cops those people were expecting packages containing said illegal items).

The Silk Road thing set off my tin foil hat alarm. If I were a TLA, there's no way I'd openly admit that there was a way to be completely out of their reach.

$5 says Tor, or at least Silk Road is compromised, or maybe even a honeypot itself. If you were into the kind of thing they're in to, and a little short on the brain cell front, wouldn't you flock to the "Guaranteed safe by the FBI!" places?

I'd be suspicious as well except that a conspiracy theory like this would require a few unlikely things.

First of all, even if Silk Road itself was trying to gather user info all they could really catch would be usernames, passwords, delivery addresses and BC addresses that they received BC from, none of which are very useful in a trial if the user has taken the basic recommended security precautions. It's not like they're asking for a whole bunch of private personal info, they want their users to supply the

It wouldn't surprise me to discover that Tor had been broken by the NSA, but they're not going to reveal that they've managed to do that just to convict a few people of possession/supply of controlled substances.

PROTIP: In Germany, that behavior is illegal for a reason. The very same reason, the content Mafia can’t set up file sharing servers and downloads, and then sue people for downloading that. It means you are part of the crime. (But hey, the FBI is used to that like no other...) And that means you can't sue, without incriminating yourself too.

Yes, this not only counts for the police, but counts ESPECIALLY for the police, which is held to a higher standard.

PROTIP: In Germany, that behavior is illegal for a reason. The very same reason, the content Mafia can’t set up file sharing servers and downloads, and then sue people for downloading that. It means you are part of the crime. (But hey, the FBI is used to that like no other...) And that means you can't sue, without incriminating yourself too.

No, while both are illegal, it's for different reasons. One is called "unclean hands", and the other is called "entrapment".

If VISA had set up a site and participated in hacking VISA cards, they would have unclean hands. It would change their status.

If a three letter agency does the same, and it causes people who otherwise would not have done that particular crime to do it, it's called entrapment. It would change the suspect's status.

If a three letter agency does the same, and it causes people who otherwise would not have done that particular crime to do it, it's called entrapment. It would change the suspect's status.

This is a common and incorrect understanding of entrapment. It's entrapment if the FBI tells you to steal credit cards, and then arrests you for it. It is not entrapment if the FBI makes credit cards available to be stolen, and then arrests you for stealing them. The former is an example of the FBI pressuring you to do something you wouldn't have done. The latter is an example of the FBI facilitating you to do something you would have done, given an opportunity.

Entrapment: You should hire that hitman to kill your wife. Not entrapment: I'm a hitman. Do you want to kill your wife?

One shared by the Supreme Court Of The United States. They incorrectly claim that the prosecution must overcome a "subjective test" by showing the defendant had a predisposition to commit the crime in any event, even if the law enforcement operatives had not been present.

They're not telling anyone in particular to steal the bait car. They're just parking it in a crime-ridden neighborhood with the doors unlocked with the key in the ignition. It still has to be stolen by somebody.

In the same way, the FBI can make it as easy as possible to steal credit cards. You still have to steal them.

You didn't bother to read either of the articles you linked to, did you?

In both cases, it was established that government agents pressured the defendants to commit the crime they are being prosecuted for.

Here's the most relevant quotes from the articles you linked:

Jacobson v. United States

After 2 1/2 years on the Government mailing list, Jacobson was solicited to order child pornography. He answered a letter that described concern about child pornography as hysterical nonsense and decried international cens

If they had evidence that they were already doing something illegal, they should have arrested them on that evidence.

Entrapment is mostly illegal, and can only be used when it can be shown that the crime would occur by the same defendant whether or not the police was involved. If any of the 26 might not have committed the crime if it wasn't for the FBI's web site, the case should fall.

This is not automatically entrapment. The sting is just like a drugs for sale or prostitution on a street corner. Undercover cop wearing a wire and being videotaped by concealed police sits on strategic street corner known to be hot with drugs or prostitution. The undercover cop is dressed to bait the individual seeking the drugs/services they believe the undercover is there to provide. When the individual attempts to solicit for purchase the drugs/services they are arrested for that crime.

This case feels more like they didn't just leave a car to be stolen, but went around offering everyone a ton of money to steal it for them. (In the first case they would have likely stolen a car either way, in the second case they probably wouldn't have)

As I always say, if you're going to do a car analogy on slashdot, it is simple good taste to make it as fucking ludicrously inapposite as possible.

Real criminals? If they were actually using credit card information to make illegal purchases, they ARE real criminals! Just because you don't have to mug someone to get his wallet doesn't matter. At least when you are mugged (assuming you don't have to go to the hospital) you know your personal information has been stolen. When your personal information is stolen via the computer, you often don't learn about it until the big bills start to pile up. Also, a mugger usually steals only hundreds (maybe thousands) a credit card thief usually starts at that point and goes up from there. In terms of money lost, we want the FBI to go after them and the thieves running the big banks and Wall Street. Let the local police deal with the muggers.

A fair amount over time, if you include their continued activity and the fact they get away with it encouraging others to try too. A lot of law "enforcement" is actually using people as examples to discourage non-compliance: they got caught and were given time, you might be too if you try the same thing.

So why were people dealing in large volumes of stolen credit cards not "real criminals" then?

Because, according to slashdot's libertarian standards, merely copying the data is not a crime, only the actual fraudulent use of it is. Therefore, if I have a million illegally obtained credit card details on my computer, it doesn't mean I have done anything wrong

It's analogous to the terrorist group who accumulate explosives, prepare detailed plans of their attack, and are caught by the police just before they actually kill any one. A lot of people here would (logically) have to say they have done no

You don't understand the type. There is a group of people who see "Cops Bust ______ " and automatically think "Cops are Criminals", giving the entire benefit of the doubt to the people busted. It was entrapment, they got innocent people or some other excuse is "more likely" than cops actually doing something good.

Credit card fraud is as real a crime as any other white collar offence. Just because it doesn't affect you as an individual (since you are unlikely to end up out of pocket) doesn't make it an acceptable way of behaving.

I always find it amusing on slashdot that everyone would happily hang, draw and quarter spammers, because they slow down our lovely computers and networks, but don't seem to care about actual theft of money from banks, for which we all end up paying one way or another.

HILARIOUS.. I mean it reminds me of the dick-tracy parody bugs bunny cartoon yeaaaaaars ago where the villains' hideout was marked by a blinking marquee and neon signs that said "secret hideout" or something. how dumb are the criminals that fall for this?

most criminals are dumb. it's just that unless it's a violent crime most times the cops ignore you if you're a loner. once you set up an organization that starts costing businesses a lot of money you get noticed.

the people involved are dumb

EVERYTHING is tracked
if you're a checkout drone everything is tracked. everyone knows which purchases you ring up. if there is a rash of CC fraud the first thing people will do is look in the computer for similarities and guess what, they will find that by some strange coin

Madoff did not get away with his Ponzi scheme because he was smart. He got away with it because the regulators never investigated any of the red flags that should have clued them that something about his scheme was dodgy (partly because Madoff had high powered friends).

Want the truth? Most of them, that's how you catch the majority of them, and I'm not talking about closure rates. I'm talking about the plain old dumb criminals that simply hand you everything they know right off the bat. Most criminals are dumb, it doesn't take much in the way of brains to be one. It's being crafty and sly that makes a good criminal.

The carders they busted are low-life amateurs, not serious criminals. I'm sure the FBI and friends will milk this for all it's worth, but it's the equivalent of nicking a couple of shoplifters while at the same time, Mexican drug lords are burning down the entire city.

Come and wake me up when they bag some REAL criminals, like the big Russian gangsters robbing SMEs out of hundreds of millions per annum.

Of course the parent poster is right... I'd imagine any serious credit card thief would be operating through Tor, doing anonymous payment with something like Bitcoin, and not even fooling around with signing up on new sites of unknown/unverified origins.

But this is pretty typical for the FBI. They're as interested in the P.R. as anything else. They need to show they're making arrests and giving the news media something positive to print. It helps ensure their continued funding for the division handling these high-tech crimes and they probably also figure it's a deterrent to beginners, who could become tomorrow's elite card thieves otherwise.

No, it's typical of the FBI to pursue criminals, gather evidence and secure convictions. You might not think these thieves were serious or maybe they were just dumbasses but they were still thieves. After all they traded 400,000 stolen credit cards.

It's a matter of their priorities. They waste 2 years and countless amounts of time and resources to bust a mere 26 carders?

Meanwhile, well documented white collar crimes committed by the banking cartel are largely ignored. The FBI reported back in 2003 that there was an "Epidemic of Fraud" in the mortgage market but we didn't see an epidemic of investigations and prosecutions.

I guess the carders need to hire some lobbyists so that they too can buy a federally issued license to steal.

Who's to say this was their top priority or their only ongoing operation?

You assume that because they *only* arrested 26 people that somehow this investigation wasn't worth it. Except of course these were criminals responsible for trading 400,000 stolen cards and engaged in other related criminal activity. How much effort would be required to arrest 26 people on theft and fraud charges if they were unrelated investigations? At least this way they get to pool their investigation and a lot of the work was

I live in Mexico (born in the Netherlands). While there was a shoot out in a neighbourhood very close to ours about a year and a half ago, I suffer right now much more from actual criminals as in Banamex, the so called National Bank of Mexico.

Back in November my bank card got stolen, a card with a nice but meaningless MasterCard [1] logo. It got cloned before the theft was even discovered (piss poor security on those cards) and used to shop in 2 different locations, in total around 2000 USD of goods, includ

Last time I tried I even couldn't get a credit card (Banamex) with a FM3 visa. I had to sign 26+ forms, wait like 2 months and then I got declined. The reason? Banamex is afraid that as a foreigner you're going to leave the country taking their precious 20,000 MXN with you (less than 1,500 USD). As long as they do the ripping off it's OK, but beware, oh foreigner, because according to Banamex you're crooks by default.

Crime is crime. Since there's more than enough crime to go around for the resources available to fight it, that means the fighting has to be prioritized. But it doesn't mean all low level crimes are completely ignored while the biggest crimes get 100% of the resources.

The fight against carders is statistical. While it's more of a "nuisance" crime to the hundreds of thousands of people who have to disrupt their lives cleaning up their credit messes, the total loss from those hundreds of thousands of indiv

Does that seem circular to you? It does to me, because the reasoning seems to go like this:

If a criminal can be busted by cops, then that criminal is a low-life amateur, not a serious criminal. Therefore, whenever cops land a bust, they will always catch low-life amateurs, never serious criminals.

Logically this means the very act of being caught transforms any criminal into a low-life amateur, which means that cops can never catch serious criminals by the standard of this reasoning. Yet, this same reasoning

Yeah, I figured it would be obvious to this crowd. But it's a bit of hyperbole on reflection. I think I can rightly apprehend the confusion of ideas. GP post wants a technical means to determine the intent of a social system.

If the tcp packets coming back to you are mysteriously lacking in honey... it might be a honey pot. If there is a slight buzzing coming from your network connection... it might be a honey pot. If swarms of bees, bears, or badgers appear around your computer.... it might be a honey pot.

This is close, if dig returns a result at all be wary. You can never be sure but do you really want to be discussing illegal activities at a site hosted on Amazon Web Services (dig actually returns awsdns though that's probably synonymous with fbi.gov in this case) vs some dark net address.

If it's done well, you wouldn't. There is the chance someone at the FBI will slip up though - maybe use an IP address that is in the same allocation as other FBI public servers, or something like that. But if they don't, then there is no way to prove it *isn't* a honeypot.

I have seen some tech shows lately. Those tech guy/gals mutter a few strings of long tech sounding words and type a bit on a keyboard. If that ritual is done at the right time (about 10 minutes left in the show assuming not a cliff-hanger episode) then pictures flash by on the screen and they magically get the location of the bad guys. If you're a black hat on those shows, then to get away you have to either be on the lookout for someone "silently pinging your network facing encrypted cloud based interface o

The honeypot itself is bait. And just like fishing in a lake, there's no particular reason that your bait must be an artificial lure - you often get better results using live bait.

Now, if you were privately investigating card fraud, perhaps on behalf of a victim, you might have come across the honeypot site and wanted to investigate it further to figure out who the bad guys are so you could report them. You'd probably do the same steps any investigator would to deter

If you are trolling Drug Dealer Drive for drugs and you happen to ask an undercover agent for drugs, you are guilty.

If an undercover agent posing as a drug dealer comes to you out of the blue and says that you need to buy his drugs so that he can help his sweet grandmother beat cancer, that's entrapment.

The difference is that in the first example, you were already out with the intention of doing something illegal. The second example you were approached by LEO and convinced to do something you normally wouldn't do.

IANAL and I'm sure each jurisdiction has its own definition of entrapment but this is the gist.

"When an Oregon college student, Mohamed Osman Mohamud, thought of using a car bomb to attack a festive Christmas-tree lighting ceremony in Portland, the F.B.I. provided a van loaded with six 55-gallon drums of "inert material," harmless blasting caps, a detonator cord and a gallon of diesel fuel to make the van smell flammable. An undercover F.B.I. agent even did the driving, with Mr. Mohamud in the passenger seat. To trigger the bomb the student punched a number into a cellphone and got no boom, only a bust."

Emphasis mine. This is not entrapment at all. The attack was his idea. The feds just helped him along to show he was willing to go through with it. It's no different than if somebody asked a bartender about a hitman to kill their spouse, and then the feds supplied them with one.

The Cromitie case is much more dubious, and if it's true he wasn't actively seeking to become a jihadist, I feel it is entrapment. But I also feel that way about cops dropping bills on the subway and arresting people who pick them up and keep them, or cops who leave unlocked vehicles with keys in the ignition in bad neighborhoods.

If you think it is, you are an idiot that has no clue what the term entrapment means.

How the heck do you get a +3 insightful without bothering to explain why or even a cut and paste of the def?

I am not a lawyer blah blah. Some /.ers are, and will probably make fun of my definition, or even call me an idiot. That's OK, that stuff makes me laugh. But the one line summary is: entrapment requires persuasive leadership by .gov not merely an announcement that ".gov is open for business!". The standard /. car analogy is walking onto the lot of your own free will with your own idea of buying a c

But the one line summary is: entrapment requires persuasive leadership by .gov not merely an announcement that ".gov is open for business!".

No, it doesn't have to be persuasive, it's enough that's inciting. If there is no evidence that the person would not have committed a crime of the same nature without the presence or actions of the , it's entrapment.

It's called undercover police work, and undercover police work is perfectly legal, including the commission of various non-violent crimes required to maintain their cover.

The cops weren't out there having TVs shipped to their houses and not documenting them so the victims wouldn't be reimbursed. They were hosting a forum, and made it look like other similar on-line criminal hangouts. When real criminals arrived, they maintained the forum long enough to accumulate enough evidence (IDs of suspects, records of criminal activity), then rolled them up.

It's been long known that the best way to catch a criminal is to pretend to be one. (Some might argue that the government is already doing a damned good job of that.) Getting them to show their hand (having a cop as a witness to the crime) and/or confess their misdeeds voluntarily is pretty much the best way to get a conviction.

This is why you get undercover cops buying drugs, joining gangs, etc. Stings are perfectly legal, and, if they follow the rules as laid out by the courts, seem pretty reasonable.